Re: (ITS#3819) Strange slapd.conf diagnostic after authz-regexp

Hallvard B Furuseth wrote:
> Sounds even less intuitive than the old "first database" hack to me,
> since the access one wants to back-config and to the root DSE etc is
> very different. With "first database" one can at least select which
> database to put first. Besides, we might someday want to implement ACL
> support in back-config.

Well, it's one bad hack vs another. What actually would make sense to me
is to cover all of the non-DB ACLs under the frontendDB, since those
objects (rootDSE, schema subentry) are actually implemented in the slapd
frontend. And it doesn't seem important to have rootdn access to these
things anyway. You may as well just add explicit ACLs to give read
access to the IDs that need access.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support